I have not produced a practical implemention of the algorithm yet, so feel free to mention hypothetical attack vectors.
Let's imagine that there are three parties involved in our experiment: Alice, Bob and Eve.
Alice and Bob want to communicate securely using a public channel to which Eve has unrestricted access.
Let's say a simple handheld radio.
Eve records all the information that passes through the channel and is actively trying to intercept their communications. Furthermore she has access to unlimited computing power.
For ease of explanation, Alice and Bob do not have access to computers at all.
As such, Alice and Bob agree to use a simple one time pad system.
And their subsequent communications will proceed according to the following logic.
Firstly each of them will create a deck of 100 cards numbered sequentially.
Then they will agree on who should go first, which in this case will be Alice.
To generate a single bit of their shared key, each of them will choose a 'Polarity'. This will be either 'Positive' or 'Negative'. Referring to positive feedback or negative feedback respectively.
Then they will write down their starting 'Bias'. There should be exactly as many cards above as there are below this number. 50.5.
Alice can now shuffle her deck and draw a card, if it is higher than her bias, she will report 'High', ('Low' otherwise) and either add or subtract one from her bias.
A positive feedback will make the same outcome more likely in future, and therefore reduce the value of the bias in this case.
A negative feedback would reduce the likelihood, corresponding to an increase in the value of the bias.
Then, Bob will add or subtract one from his bias before he shuffles and selects his card.
They endure 100 rounds of this tedium, which completes a set.
They then count the number of Highs and Lows generated, and the set is a failure if the values differ by 10 or more.
If successful each party reverses their polarity, and completes another set of 100 rounds.
Once again, if the count of high and low differ by 10 or more, the set is considered a failure.
In the case of failure, both parties choose a new polarity and reset their bias to 50.5.
However, if both sets succeed, this heavily implies that Alice and Bob have chosen opposing polarities.
Alice will record her polarity as the shared key bit.
And the party that goes second, Bob, will record the opposite of their chosen polarity as the shared key bit
... keep reading on reddit β‘I am having difficulty understanding a couple of chapters and wonder if anyone has a good reference which makes this easier to understand? Topics: Chapter 6/7 Cryptography and Symmetric Key Algorithms & PKI Cryptographic Applications
Doesn't it just make sense to use an asymmetric key, with the decrypting one immediately deleted? Why would they leave it open to being stolen out of the program like that?
Start with any unitary (EDIT: bijective) function of n bits to n other bits. All crypto is bijective, which means it has the same number of possible inputs and possible outputs. Example: any sequence of arbitrary permutations and plusses (mod a power of 2), then the reverse.
All sequential logic, such as every digital circuit, can be made of nand gates that each hook to 2 earlier nand gates, observing those 2 bits, and generate a bit (NOT (AND of those 2)). https://en.wikipedia.org/wiki/NAND_gate Nor gates would also work.
Write x=decrypt(encrypt(x)) as a nand forest.
Example: 256 inputs and 256 outputs with nands between them. Useful with sha256 to digitally-sign the hash of the bigger data.
Take a cross-section of nandForest(x=decrypt(encrypt(x))).
Example: 700 nands may be somewhere in the middle, with the input and output entirely separated by those 700 bit vars. What happens on either side can only affect the other side through those 700 bits.
The nand forest from 256 inputs to 700 in the middle is the private-key. Sign any 256 bits to create a 700 bit signature.
The nand forest from those 700 in the middle to the 256 outputs is the public-key. Verify any 700 bits generate the original 256 that was signed.
Example: Given any such key pair, take the sha256 of (the utf8 bytes of) this sentence, generate 700 bits, then broadcast those, the sentence, and the public-key. Then do the same for another sentence. Whoever has the public-key and both of those sentences and 700 bits can verify they were signed by the same private-key.
Problem? How efficient are SAT-Solvers on such npcomplete problems like reverse-computing a nand-forest? Its an open research problem how securely such a cross-section of the nand forest can be chosen from all possible cross-sections.
What I mean by this is that the actual encryption algorithm varies deterministically based on the key. So things like the number of rounds, the order of the operations, the number of operations and so forth are all determined by the key, so in essence, the actual encryption algorithm itself would remain a mystery even if the source code were available to an attacker.
Hello, i recently listened to a conversation, which hinted that it is possible to generate session keys which possess the PFS attribute without relying on DiffieHellman or Generalized Diffie Hellman Protocols. Only with stuff like serpent, HMAC-SHAX and scrypt or argon.
Is this true? If i have understood this wrong, is there somewhere a survey or a tome which lists all current known protocols which posses all PFS attribute?
Hi,
In his depiction of symmetric shadowcasting FOV, Albert Ford argues that Bresenhamβs algorithm can be used as LOS since it maps exactly to the FOV algorithm.
Is this statement incorrect? I find that in practice it doesn't work, and the example provided just before the above statement shows a case where the path between two visible entities contains tiles that are not visible.
Is thare any modification required to Bresenhamβs algorithm for it to work?
I can't find anything on the Internet that is beginner-friendly and our teacher explained nothing related to this. Can anyone give me an algorithm or a link to any book/website where this method is explained.
Thanks in advance!
I need to build an app that contains data that is encrypted (with AES, but that's irrelevant). The data will be decrypted inside a web browser requiring a combination of two keys:
- A key that is only known to the user, such as a passphrase (let's call it
Ku) - A key that is stored inside a server and is provided to the browser only after having verified certain credentials (
Ks)
The problem I'm trying to solve is that no party (user or server) should be able to decrypt the data with only one of the two keys. Only the browser should be allowed to decrypt the key after the user typed a passphrase (which is not sent to the server) and has received the half of the key from the server (after having authenticated themselves).
Ku is a passphrase that is user-defined; this is hopefully strong enough (with enough entropy). Ks can be generated randomly, and for example be a long-enough string (such as 32 random bytes, possibly encoded as base64).
There are two ideas I am considering and would like your thoughts on them:
- Use a key that is
KDF(Ku || Ks), that is: concatenate the two keys (as simple strings) and then use a KDF to derive a symmetric key. (Ksin this case could be base64-encoded - it would still be 256 bit of entropy) - Use a (static) ECDH to perform a key agreement. In this case,
Kswould be the server's private key.Kuis the user's private key that is wrapped using a passphrase (that is: the user's passphrase is converted to a key with a KDF, then we use AES-KW as per RFC-3394 to wrap the private EC key).
Thoughts on the above? Or, is there a better option?
(As for KDF, that will likely be Argon2id, but any strong KDF should work)
Hi, I was wondering if someone can point me to the right direction for the solution on a problem with symmetric polynomials.
Let x_1 , x_2 , x_3 ... x_n be a set of variables and y_1 , y_2 , ... y_m defined as:
- m=n(n-1)/2
- y_k = (x_i - x_j )^2 with i>j (and for example k representing the index of the pair (i,j) when the lexicographical order is considered, but this is not important)
A symmetric polynomial in the y variables is symmetrical also when expressed in the x variables.
Is there an algorithm/formula that allow to compute the p-th (p=1...m) elementary symmetric polynomial in the y variables in term of the elementary symmetric polynomials in the x variables?
Example: n=3 and m=3 let S_p denote the p-th symmetric polynomial in the y variables and s_p the one in the x variables
S_1=y_1+y_2+y_3
=(x_1-x_2)^2 + (x_1-x_3)^2 + (x_2-x_3)^2
=2 x_1^2 + 2 x_2^2 + 2 x_3 ^2 -2 x_1 x_2 - 2 x_2 x_3 - 2 x_1 x_3
=2 (x_1 + x_2 + x_3)^2 - 6 (x_1 x_2 + x_2 x_3 + x_1 x_3)
=2 s_1^2 - 6 s_2
While I can compute easily S_p in therm of the s_q with a CAS like mathematica it becomes a problem when n is big and p is around m/2, so I was wondering if there exists a recursive (in n and p) or symbolic expression.
Thanks!
Hi, my question is: Will it be needed for data-at-rest for longer times that symmetric algorithms get longer blocksizes in the future? I mean we already have attacks like sweet32 for tls stuff and perhaps there will be new attacks? Wouldn't it be prudent to create symmetrical algorithms with plain/ciphertext blocks with 256 Bits or even longer? Are there perhaps already some? That would also mitigate the risk if block modes have some issues with short blocksizes.
What do you think about that?
It seems strange to me. So many pander to the "256"bit minimum, when alas, our RSA key encapsulation/ECC key agreement schemes are only 128-bit hard.
Thus there is no benefit to using 256-bit symmetric after a asymmetric KEX, right?
Have you guys noticed the forced nature of "must use 256-bit keys" for TLS?
- size 2^n, of which there are (2^n)! of them
There are (2^n)! possible symmetric crypto algorithms on n bits, ignoring preprocessing and postprocessing.
Such a permutation could impractically and inefficiently be written as a list of the first 2^n nonnegative integers. There are more compressed ways to write a permutation, such as a sequence of permutations is a permutation. If the same permutation were used in multiple ways, it would be smaller. Finding the smallest compression of a certain bitstring, limited to any specific maximum compute cycles and memory, is npcomplete (too hard to find the best except for maybe up to 20 bits, but it means there are better ops for us to find). So it may be that we can randomly select from all possible permutation functions on 2^n possibilities of n bits, by storing some of the permutation function in its behaviors depending on certain inputs/outputs (which must be reversible) instead of the algorithm itself needing 2^n amount of storage to be 1 of those (2^n)! possible permutation functions.
Either way, is a randomly selected permutation function of 2^n input and output the strongest possible symmetric crypto algorithm on n bits (ignoring efficiency)?
Following up on a conversation here,
I just wanted opinions, on modern Linux and macOS, dev/urandom is an appropriate way to generate random numbers for cryptographic use right? Ie. symmetric key material
(Barring exceptional circumstances like containerised OS with not enough entropy)
Hi guys! I'm just starting to learn about encryption and am using YouTube and articles to help my learning, so sorry if I come off as a noob when asking this. How can a key be securely shared in symmetric encryption? And if it can be, why not just send the data that needs to be encrypted with it? If it can't be, does that mean symmetric encryption is weak because the key can be intercepted/copied or recreated?
I can't seem to find direct answers to these questions and still have a lot to learn, so I thought here might be a good place to ask. Any/all help is appreciated
I've been toying around with an encryption system lately, because it's one of my weak points. What I have developed is something that seems to be pretty standard. Alice and Bob both have asymmetric keys (private/public using RSA 2048bit). I store those on the file system and a obscure link in the database to them (I know security through obscurity - storage is an area i haven't figured out yet).
Now when Alice wants to message Bob - the system creates a symmetric key using phpseclib's Random::string() (because I was already using the lib for the RSA stuff - why not). I then encrypt the message with Rijndael using the sym key and encrypt the sym key with Bob's public key and attach the length of the encrypted sym key to the whole message so: encrypted_sym_key_len . encrypted_sym_key . encrypted_message.
My questions are is this good/bad/whatever and is Rijndael a good algorithm for this purpose? Currently this is all happening inside of a database - not over a network and is just a proof of concept for something I may want to dig into in the future.
